Solaris ssh pam_krb

Nicolas Williams Nicolas.Williams at
Fri Mar 31 18:24:04 EST 2006

On Fri, Mar 31, 2006 at 06:17:53PM -0500, Jeffrey Hutzelman wrote:
> On Friday, March 31, 2006 04:20:48 PM -0600 Nicolas Williams 
> <Nicolas.Williams at> wrote:
> >What other kernel-land applications can you think of or imagine that
> >fundamentally needs direct multi-application PAG support in the kernel
> >and can't upcall?
> - Encrypted (local) filesystems

Orthogonal to PAGs.  The kernel needs to know keys for encrypting
objects/filesystems, but access controls are as normal (ACLs, mode bits).

We're planning on per-filesystem (think ZFS) keys, too, so there's no
per-"session" keys to worry about.

> - Kernel-mode ticket caches

Circular logic.

> - iscsi?

User credentials are not needed for iSCSI, typically, and iSCSI can
upcall like everybody else.

> Maybe PAG-based authorization for things like X server or ssh agent 
> connections.  In reality, I bet those can be handled in user mode, though 
> an application like that would require some trusted entity for allocating 
> ID's which are unique across the system.

Authorization by PAG requires making changes to lots of things in the
kernel (e.g., two procs w/ equal cred_t's but for different PAGs should
not be allowed to trace each other w/o special privilege).

Keep it simple.


More information about the Kerberos mailing list